From 6b8db0bce33d75b1181e86e55305e1e320102440 Mon Sep 17 00:00:00 2001
From: Stefan Wahren <stefan.wahren@i2se.com>
Date: Fri, 26 May 2017 00:26:22 +0200
Subject: [PATCH] staging: vchiq_core: Bail out if service is NULL
Git-commit: 6b8db0bce33d75b1181e86e55305e1e320102440
Patch-mainline: v4.13-rc1
References: FATE#324827
In the unlikely case that service is NULL we should bail out instead
of calling BUG_ON(). The other BUG_ON calls will be fixed in separate
patches.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c | 38 ++++++----
1 file changed, 24 insertions(+), 14 deletions(-)
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
@@ -288,9 +288,11 @@ void
lock_service(VCHIQ_SERVICE_T *service)
{
spin_lock(&service_spinlock);
- BUG_ON(!service || (service->ref_count == 0));
- if (service)
+ WARN_ON(!service);
+ if (service) {
+ BUG_ON(service->ref_count == 0);
service->ref_count++;
+ }
spin_unlock(&service_spinlock);
}
@@ -298,17 +300,21 @@ void
unlock_service(VCHIQ_SERVICE_T *service)
{
spin_lock(&service_spinlock);
- BUG_ON(!service || (service->ref_count == 0));
- if (service && service->ref_count) {
- service->ref_count--;
- if (!service->ref_count) {
- VCHIQ_STATE_T *state = service->state;
-
- BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);
- state->services[service->localport] = NULL;
- } else
- service = NULL;
+ if (!service) {
+ WARN(1, "%s: service is NULL\n", __func__);
+ goto unlock;
+ }
+ BUG_ON(service->ref_count == 0);
+ service->ref_count--;
+ if (!service->ref_count) {
+ VCHIQ_STATE_T *state = service->state;
+
+ BUG_ON(service->srvstate != VCHIQ_SRVSTATE_FREE);
+ state->services[service->localport] = NULL;
+ } else {
+ service = NULL;
}
+unlock:
spin_unlock(&service_spinlock);
if (service && service->userdata_term)
@@ -821,7 +827,12 @@ queue_message(VCHIQ_STATE_T *state, VCHI
if (type == VCHIQ_MSG_DATA) {
int tx_end_index;
- BUG_ON(!service);
+ if (!service) {
+ WARN(1, "%s: service is NULL\n", __func__);
+ mutex_unlock(&state->slot_mutex);
+ return VCHIQ_ERROR;
+ }
+
BUG_ON((flags & (QMFLAGS_NO_MUTEX_LOCK |
QMFLAGS_NO_MUTEX_UNLOCK)) != 0);
@@ -922,7 +933,6 @@ queue_message(VCHIQ_STATE_T *state, VCHI
header, size, VCHIQ_MSG_SRCPORT(msgid),
VCHIQ_MSG_DSTPORT(msgid));
- BUG_ON(!service);
BUG_ON((flags & (QMFLAGS_NO_MUTEX_LOCK |
QMFLAGS_NO_MUTEX_UNLOCK)) != 0);